The BBC is reporting that there seems to have been a massive data breach of 200 million Yahoo accounts, with the data – which appears to be from 2012 – being offered for sale for 3 bitcoins ($1805 USD).
According to the BBC article, Motherboard tested about two dozen credentials from a sample of 5000 of the 200 million being offered for sale, and found them to be legitimate, meaning that they were real accounts and the credentials worked to log into them. The hacker offering them goes by the name of “Peace” and has also been tied to massive hacks of LinkedIn and MySpace.
In a statement, Yahoo said that “Yahoo works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”
However, while the passwords are hashed, Peace has also published the algorithm used to hash the passwords. So, even if you have “created strong passwords” there’s no guarantee that your data will be protected from this sort of breach.
As security expert Professor Alan Woodward points out in the BBC article, “The algorithm MD5 is considered to be weak, and for the vast majority of passwords it is easy to reverse what it was using what we call a dictionary attack.”
So, if you have a Yahoo account, it’s time to go change your password. Or, to close it.
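The weakness of unsalted MD5 storage described above can be seen in a short added example (written for this page, not taken from the BBC article, Motherboard or Yahoo). The wordlist, user names and PBKDF2 work factor are constructed assumptions; the code contrasts unsalted MD5, where one table computed once matches every account, with per-user salted PBKDF2 records.

```python
import hashlib
import hmac
import os

# Constructed sample data (not real accounts): two users share a password.
WORDLIST = ["123456", "password", "letmein", "sunshine", "qwerty"]
USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "letmein"}
PBKDF2_ROUNDS = 200_000  # assumed work factor, chosen for this example


def md5_unsalted(password):
    """Legacy storage: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password, salt=None):
    """Salted, deliberately slow storage: returns (salt, derived_key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def pbkdf2_verify(password, salt, key):
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(pbkdf2_record(password, salt)[1], key)


def matched_by_table(stored_md5, wordlist):
    """Audit: which unsalted MD5 hashes match a table built once from a wordlist."""
    table = {md5_unsalted(word): word for word in wordlist}
    return {user: table[h] for user, h in stored_md5.items() if h in table}


def shared_hashes(stored):
    """Count stored values that appear for more than one account."""
    values = list(stored.values())
    return sum(1 for v in set(values) if values.count(v) > 1)


if __name__ == "__main__":
    md5_db = {u: md5_unsalted(p) for u, p in USERS.items()}
    kdf_db = {u: pbkdf2_record(p) for u, p in USERS.items()}
    print("matched by one table:", matched_by_table(md5_db, WORDLIST))
    print("shared MD5 hashes:", shared_hashes(md5_db))      # alice and bob collide
    print("shared PBKDF2 records:", shared_hashes(kdf_db))  # salts make each unique
    print("carol login ok:", pbkdf2_verify("letmein", *kdf_db["carol"]))
```

With a random salt per account, the same table would have to be rebuilt for every user, and each entry costs 200,000 hash iterations instead of one.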